PMO spokesperson Ashutosh Kumar said in an email to Business Insider that he is “open to working with the [Canadian] government on their privacy, data and security concerns.”
The PMO was formed in April 2016 to manage the federal government’s relationship with private sector companies and to make decisions on issues like digital services, intellectual property and public safety.
The Canadian government has been grappling with the fallout from the mass leak of personal information from former PMO staffer Daniel Therrien, including the Prime Minister’s personal email account, phone numbers, and other personal information.
Therrien was convicted of criminal offences related to the breach, and was sentenced to prison in May 2018 for fraud and breach of trust, but the Prime Minster has since pardoned him.
The PM has repeatedly said he is innocent of the crimes committed against him, and the government has argued the information was released under a valid parliamentary privilege.
However, in response to a question on whether the Prime Ministers Office was responsible for the breach of privilege, Kumar said the PMO would review its collection practices in light of a report from the parliamentary oversight committee, which said it was possible for government employees to access personal data on their own.
The committee said in a report published earlier this month that the government could have complied with the privilege law by keeping all personal data private, but it did not find it to be an appropriate solution.
The report also noted that some data collected by the government in response was not shared with other departments, such as the RCMP, which is part of the RCMP’s data breach investigation team.
“In light of these issues, the PM has ordered the [Prime Minister’s Office] to review their practices to ensure that information can be shared with all appropriate authorities, and to review the process for releasing personal data collected in response,” Kumar said.
Kumar did not answer a follow-up question on how long the review would take, or if any recommendations would be made to Parliament.
The RCMP is not the only federal government department that has been affected by the breach.
The Federal Bureau of Investigation is also reviewing whether or not to release personal information about some employees.